Key obstacles to effective IT security strategies

Drawing on data gathered from a total of 3,037 individuals – 1,944 technicians and 1,093 executives – in the United States, Canada, United Kingdom, Australia, Germany France and Japan, a Ponemon Institute survey revealed a clear disconnect between these groups within UK enterprises.

The UK findings revealed a clear difference between the confidence of executive teams when it comes to their business’s cyber defense strategy, compared with the views of the technicians tasked with maintaining it – as 32 percent of executives and 18 percent of technicians described their organization’s cyber security posture as excellent.

The report also found that 23 percent of executives, compared with just 3 percent of technicians, felt their organization’s cyber security strategy was not aligned with its overall business objectives. This discrepancy suggests that technicians are clearly failing to frame their needs in language which is understood by IT decision makers – something which is leading to a culture of miscommunication, and is preventing many organizations from developing a robust cyber defense strategy.

Another concern highlighted by the study is the fact that 41 percent of executives and 46 percent of technicians reported an increase in advanced malware and zero-day attacks on their business in the past year, with 69 percent of executives and 76 percent of technicians also indicating that their organization had suffered a data breach in this period.

Yet despite this, 45 percent of executives and 44 percent of technicians reported that insufficient resources present an obstacle to obtaining an optimal cyber defence infrastructure and strategy. 46 percent of executives and 49 percent of technicians also felt a lack of collaboration with other functions was hindering their IT security posture. This indicates that despite the vast sums of money spent globally by enterprises to mitigate the risk to businesses, organizations are still under resourced and inadequately equipped to combat the mounting threat facing them.

Unsurprisingly, the survey also revealed the limitations of traditional security defenses as reported by practitioners, with 43 percent reporting that the security technologies currently in use by their organization do not detect and block modern day attacks. This is compared with just 23 percent of executives who seem to invest significantly more confidence in these tools.

A large proportion of respondents also cited manual inspection as a primary method of tracking the source of attacks and malware infections, indicating that traditional, labor intensive security is still widespread, despite the changing nature of the threat.